Here is the situation:
I am slowly migrating from a Cisco VPN 3030 concentrator to a Cisco ASA5540.
My L2L tunnels are coming along fine, but I am running into issues with the Remote VPN Clients attaching.
I have set up the AAA and this works correctly, as well as building the profile (we use IPSec).
My issues are with the IP address pool. We are using a different set of IP addresses than the concentrator.
I have set up the routing on the next hop inside to point to the ASA as the home of the pool of IP addresses.
But I am not getting any throughput.
I can attach to the ASA with a Remote Client; it checks the RADIUS server, and all of the authentication goes through. But I cannot access anything.
All traceroutes for the IP address pool from inside the network point to the ASA.
Is there something else I need to set up besides just assigning the IP address pool?
Any suggestions would be helpful.
The problem is not necessarily routing. Check the following other things:
1. Do you have NAT exemption for the VPN pool (you need it)? If not, you'll see syslog messages about no translation group found and the traffic will be dropped. Assume your VPN pool is 172.16.4.0 255.255.255.255. You would add:
access-list nonat permit ip any 172.16.4.0 255.255.255.0
nat (inside) 0 access-list nonat
2. Do you have an access-group applied to the interface? Do a "show run access-group." If you have one applied, make sure the access-list permits the traffic to the VPN client pool.
3. If this is IPSec and either the client or the ASA is behind NAT, you need to have the following command:
Please rate this post if it helped you.
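Checks 1 and 2 from the answer above can be run offline against a saved running-config. The following is an added example, not part of the original thread: the sample config is constructed, the pool name VPNPOOL and ACL name inside_in are made up, and the parser assumes pre-8.3 "nat (if) 0 access-list" syntax with "permit ip any <network> <mask>" entries only.

```python
import ipaddress
import re

# Constructed sample of a pre-8.3 ASA running-config (not from the thread).
SAMPLE_CONFIG = """\
ip local pool VPNPOOL 172.16.4.1-172.16.4.254 mask 255.255.255.0
access-list nonat extended permit ip any 172.16.4.0 255.255.255.0
nat (inside) 0 access-list nonat
access-group inside_in in interface inside
"""

def pool_ranges(config):
    """Return {pool_name: (first_ip, last_ip)} from 'ip local pool' lines."""
    pools = {}
    for m in re.finditer(r"^ip local pool (\S+) (\S+)-(\S+)", config, re.M):
        pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                             ipaddress.ip_address(m.group(3)))
    return pools

def nat0_destinations(config, interface="inside"):
    """Destination networks of every ACL bound by 'nat (<interface>) 0'."""
    nets = []
    bound = re.findall(rf"^nat \({re.escape(interface)}\) 0 access-list (\S+)",
                       config, re.M)
    for acl in bound:
        # The keyword 'extended' is optional when the line is typed in.
        pat = (rf"^access-list {re.escape(acl)} (?:extended )?"
               rf"permit ip any (\S+) (\S+)\s*$")
        for net, mask in re.findall(pat, config, re.M):
            nets.append(ipaddress.ip_network(f"{net}/{mask}", strict=False))
    return nets

def audit(config, interface="inside"):
    """Return findings for NAT exemption (check 1) and access-group (check 2)."""
    findings = []
    nets = nat0_destinations(config, interface)
    for name, (first, last) in pool_ranges(config).items():
        # Both ends of the pool must fall inside one exempted network.
        if not any(first in n and last in n for n in nets):
            findings.append(f"pool {name}: no NAT exemption covers {first}-{last}")
    pat = rf"^access-group (\S+) in interface {re.escape(interface)}\s*$"
    for acl in re.findall(pat, config, re.M):
        findings.append(f"access-group {acl} on {interface}: "
                        "confirm it permits traffic to the pool")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An exemption entry whose mask is narrower than the pool is reported the same way as a missing one, because the pool's first and last addresses are both tested against the exempted network.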